Congress mulls law requiring warrant for e-mail data—yet again

It's a new Congress, which means it's that time for another legislative proposal to bolster Americans' e-mail privacy.

Ever since the Reagan era, the law has allowed cops to get e-mail or other cloud-stored content without a warrant, so long as it's been stored on a third party's servers for at least six months. That law, combined with others, also allows the authorities to obtain cell-site data without a warrant. (Court rulings on these topics are mixed, and some key e-mail services, like Google, Microsoft, and others, say they demand warrants despite the law.) Reagan signed the Electronic Communications Privacy Act (ECPA) in 1986, when CompuServe was king and e-mail was briefly stored on servers before recipients downloaded it with their own software.

Further Reading

Rep. Zoe Lofgren (D-Calif.), Rep. Ted Poe (R-Texas), and Suzan Delbene (D-WA) say a court warrant should be required for the authorities to obtain cloud content and geolocation data. This and similar proposals have been floated for years to update the ECPA. They haven't gone anywhere. A majority of House members last year agreed with the idea, but a proposal to update the ECPA never even got a hearing. And the year before that, in 2013, the Senate Judiciary Committee passed a reform measure requiring the authorities to obtain a probable-cause warrant to acquire cloud-based data—the same Fourth Amendment standard necessary to search the same material if it was on a hard drive. However, an anonymous lawmaker or lawmakers had blocked the measure from going before the full Senate for a yes or no vote.

Prohibit service providers from disclosing a user's geolocation information to the government in the absence of a warrant or exception

Prohibit the use of unlawfully obtained geolocation information as evidence

Provide for administrative discipline and a civil cause of action if geolocation information is unlawfully intercepted or disclosed

"Fourth Amendment protections don't stop at the Internet, and Americans rightly expect Constitutional protections to extend to their online communications and location data," Lofgren said Monday. "Establishing a warrant standard for government access to cloud and geolocation provides Americans with the privacy protections they expect and would enable service providers to build greater trust with their users and global trading partners."

FBI Director James Comey said last year that he didn't object to the changeover. The Securities and Exchange Commission has balked at the idea.

David Kravets
The senior editor for Ars Technica. Founder of TYDN fake news site. Technologist. Political scientist. Humorist. Dad of two boys. Been doing journalism for so long I remember manual typewriters with real paper. Emaildavid.kravets@arstechnica.com//Twitter@dmkravets